A method, system, and computer-readable code for delegating authority and authentication from a client to a server in order that the server can establish a secure connection (using SSL or an analogous security protocol) to a back-end application on behalf of the client. This enables the true client's identity to be known to the application on the end-tier server. The proposed solution provides several alternative techniques, whereby the client establishes a secure session with a middle-tier server (MTS), and then delegates authority and authentication to the MTS in order that the MTS can establish a second SSL session to the ETS on behalf of this client.